ok

.github/workflows/version-bump.yaml

@@ -17,7 +17,6 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
-      issues: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -47,6 +46,7 @@ jobs:
       - name: Check version bump requirements
         id: version-check
         run: |
+          # Run the script to check what versions should be
           output_file=$(mktemp)
           if ./.github/scripts/version-bump.sh "${{ steps.bump-type.outputs.type }}" origin/main > "$output_file" 2>&1; then
             echo "Script completed successfully"
@@ -56,14 +56,17 @@ jobs:
             exit 1
           fi
 
+          # Store output for PR comment
           {
             echo "output<<EOF"
             cat "$output_file"
             echo "EOF"
           } >> $GITHUB_OUTPUT
 
+          # Show output
           cat "$output_file"
 
+          # Check if any files would be modified by the script
           if git diff --quiet; then
             echo "versions_up_to_date=true" >> $GITHUB_OUTPUT
             echo "✅ All module versions are already up to date"
@@ -75,10 +78,6 @@ jobs:
             echo ""
             echo "Diff preview:"
             git diff
-            
-            git checkout .
-            git clean -fd
-            
             exit 1
           fi
 
@@ -86,7 +85,6 @@ jobs:
         if: failure() && steps.version-check.outputs.versions_up_to_date == 'false'
         uses: actions/github-script@v7
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             const output = `${{ steps.version-check.outputs.output }}`;
             const bumpType = `${{ steps.bump-type.outputs.type }}`;

registry/coder/modules/claude-code/main.tf

@@ -3,8 +3,8 @@ terraform {
 
   required_providers {
     coder = {
-      source = "coder/coder"
-      version = ">= 2.7.0"
+      source  = "coder/coder"
+      version = ">= 2.5"
     }
   }
 }
@@ -54,18 +54,6 @@ variable "claude_code_version" {
   default     = "latest"
 }
 
-variable "install_agentapi" {
-  type        = bool
-  description = "Whether to install AgentAPI."
-  default     = true
-}
-
-variable "agentapi_version" {
-  type        = string
-  description = "The version of AgentAPI to install."
-  default     = "v0.2.2"
-}
-
 variable "experiment_use_screen" {
   type        = bool
   description = "Whether to use screen for running Claude Code in the background."
@@ -99,15 +87,6 @@ variable "experiment_post_install_script" {
 locals {
   encoded_pre_install_script  = var.experiment_pre_install_script != null ? base64encode(var.experiment_pre_install_script) : ""
   encoded_post_install_script = var.experiment_post_install_script != null ? base64encode(var.experiment_post_install_script) : ""
-  agentapi_start_command = <<-EOT
-    #!/bin/bash
-    set -e
-    
-    # use low width to fit in the tasks UI sidebar. height is adjusted to ~match the default 80k (80x1000) characters
-    # visible in the terminal screen.
-    agentapi server --term-width 67 --term-height 1190 -- bash -c "claude --dangerously-skip-permissions \"$(cat ~/.claude-code-prompt)\""
-  EOT
-  agentapi_start_command_base64 = base64encode(local.agentapi_start_command)
 }
 
 # Install and Initialize Claude Code
@@ -152,35 +131,9 @@ resource "coder_script" "claude_code" {
       npm install -g @anthropic-ai/claude-code@${var.claude_code_version}
     fi
 
-    # Install AgentAPI if enabled
-    if [ "${var.install_agentapi}" = "true" ]; then
-      echo "Installing AgentAPI..."
-      arch=$(uname -m)
-      if [ "$arch" = "x86_64" ]; then
-        binary_name="agentapi-linux-amd64"
-      elif [ "$arch" = "aarch64" ]; then
-        binary_name="agentapi-linux-arm64"
-      else
-        echo "Error: Unsupported architecture: $arch"
-        exit 1
-      fi
-      wget "https://github.com/coder/agentapi/releases/download/${var.agentapi_version}/$binary_name"
-      chmod +x "$binary_name"
-      sudo mv "$binary_name" /usr/local/bin/agentapi
-    fi
-
-    if ! command_exists agentapi; then
-      echo "Error: AgentAPI is not installed. Please enable install_agentapi or install it manually."
-      exit 1
-    fi
-
-    echo -n "$CODER_MCP_CLAUDE_TASK_PROMPT" > ~/.claude-code-prompt
-    echo -n "${local.agentapi_start_command_base64}" | base64 -d > ~/.agentapi-start-command
-    chmod +x ~/.agentapi-start-command
-
     if [ "${var.experiment_report_tasks}" = "true" ]; then
       echo "Configuring Claude Code to report tasks via Coder MCP..."
-      coder exp mcp configure claude-code ${var.folder} --ai-agentapi-url http://localhost:3284
+      coder exp mcp configure claude-code ${var.folder}
     fi
 
     # Run post-install script if provided
@@ -213,24 +166,8 @@ resource "coder_script" "claude_code" {
       export LANG=en_US.UTF-8
       export LC_ALL=en_US.UTF-8
 
-      # use low width to fit in the tasks UI sidebar. height is adjusted to ~match the default 80k (80x1000) characters
-      # visible in the terminal screen.
-      tmux new-session -d -s claude-code-agentapi -c ${var.folder} '~/.agentapi-start-command; exec bash'
-      echo "Waiting for agentapi server to start on port 3284..."
-      for i in $(seq 1 15); do
-        if lsof -i :3284 | grep -q 'LISTEN'; then
-          echo "agentapi server started on port 3284."
-          break
-        fi
-        echo "Waiting... ($i/15)"
-        sleep 1
-      done
-      if ! lsof -i :3284 | grep -q 'LISTEN'; then
-        echo "Error: agentapi server did not start on port 3284 after 15 seconds."
-        exit 1
-      fi
-      tmux new-session -d -s claude-code -c ${var.folder} "agentapi attach"
-
+      # Create a new tmux session in detached mode
+      tmux new-session -d -s claude-code -c ${var.folder} "claude --dangerously-skip-permissions \"$CODER_MCP_CLAUDE_TASK_PROMPT\""
 
     fi
 
@@ -266,7 +203,7 @@ resource "coder_script" "claude_code" {
 
       screen -U -dmS claude-code bash -c '
         cd ${var.folder}
-        ~/.agentapi-start-command
+        claude --dangerously-skip-permissions "$CODER_MCP_CLAUDE_TASK_PROMPT" | tee -a "$HOME/.claude-code.log"
         exec bash
       '
     else
@@ -280,20 +217,6 @@ resource "coder_script" "claude_code" {
   run_on_start = true
 }
 
-resource "coder_app" "claude_code_web" {
-  slug         = "claude-code-web"
-  display_name = "Claude Code Web"
-  agent_id     = var.agent_id
-  url          = "http://localhost:3284/"
-  icon         = var.icon
-  subdomain    = true
-  healthcheck {
-    url      = "http://localhost:3284/status"
-    interval = 5
-    threshold = 3
-  }
-}
-
 resource "coder_app" "claude_code" {
   slug         = "claude-code"
   display_name = "Claude Code"
@@ -306,18 +229,12 @@ resource "coder_app" "claude_code" {
     export LC_ALL=en_US.UTF-8
 
     if [ "${var.experiment_use_tmux}" = "true" ]; then
-
-      if ! tmux has-session -t claude-code-agentapi 2>/dev/null; then
-        echo "Starting a new Claude Code agentapi tmux session." | tee -a "$HOME/.claude-code.log"
-        tmux new-session -d -s claude-code-agentapi -c ${var.folder} '~/.agentapi-start-command; exec bash'
-      fi
-
       if tmux has-session -t claude-code 2>/dev/null; then
         echo "Attaching to existing Claude Code tmux session." | tee -a "$HOME/.claude-code.log"
         tmux attach-session -t claude-code
       else
         echo "Starting a new Claude Code tmux session." | tee -a "$HOME/.claude-code.log"
-        tmux new-session -s claude-code -c ${var.folder} "agentapi attach; exec bash"
+        tmux new-session -s claude-code -c ${var.folder} "claude --dangerously-skip-permissions | tee -a \"$HOME/.claude-code.log\"; exec bash"
       fi
     elif [ "${var.experiment_use_screen}" = "true" ]; then
       if screen -list | grep -q "claude-code"; then
@@ -325,7 +242,7 @@ resource "coder_app" "claude_code" {
         screen -xRR claude-code
       else
         echo "Starting a new Claude Code screen session." | tee -a "$HOME/.claude-code.log"
-        screen -S claude-code bash -c 'agentapi attach; exec bash'
+        screen -S claude-code bash -c 'claude --dangerously-skip-permissions | tee -a "$HOME/.claude-code.log"; exec bash'
       fi
     else
       cd ${var.folder}
@@ -336,9 +253,3 @@ resource "coder_app" "claude_code" {
   order        = var.order
   group        = var.group
 }
-
-resource "coder_ai_task" "claude_code" {
-  sidebar_app {
-    id = coder_app.claude_code.id
-  }
-}

registry/coder/modules/kasmvnc/main.tf

@@ -54,6 +54,29 @@ variable "subdomain" {
   description = "Is subdomain sharing enabled in your cluster?"
 }
 
+variable "kasm_config" {
+  type        = string
+  default     = ""
+  description = <<-EOT
+    Additional KasmVNC configuration in YAML format. Can be used to set DLP policies and other advanced settings.
+    
+    Example for DLP policies (according to KasmVNC documentation):
+    ```yaml
+    data_loss_prevention:
+      clipboard:
+        server_to_client:
+          enabled: false
+        client_to_server:
+          enabled: false
+      printing: false
+      download: false
+    ```
+    
+    For more advanced configuration options, see the KasmVNC documentation:
+    https://kasmweb.com/docs/latest/how_to/kasmvnc_dlp_policies.html
+  EOT
+}
+
 resource "coder_script" "kasm_vnc" {
   agent_id     = var.agent_id
   display_name = "KasmVNC"
@@ -65,6 +88,7 @@ resource "coder_script" "kasm_vnc" {
     KASM_VERSION        = var.kasm_version
     SUBDOMAIN           = tostring(var.subdomain)
     PATH_VNC_HTML       = var.subdomain ? "" : file("${path.module}/path_vnc.html")
+    KASM_CONFIG         = var.kasm_config
   })
 }
 

registry/coder/modules/kasmvnc/run.sh

@@ -193,19 +193,35 @@ else
   SUDO=""
 
   echo "WARNING: Sudo access not available, using user config dir!"
-
+  
+  # Always ensure the directory exists
+  mkdir -p "$HOME/.vnc"
+  
+  # We'll handle existing configs differently - we'll merge instead of skipping
   if [[ -f "$kasm_config_file" ]]; then
-    echo "WARNING: Custom user KasmVNC config exists, not overwriting!"
-    echo "WARNING: Ensure that you manually configure the appropriate settings."
-    kasm_config_file="/dev/stderr"
-  else
-    echo "WARNING: This may prevent custom user KasmVNC settings from applying!"
-    mkdir -p "$HOME/.vnc"
+    echo "INFO: Custom user KasmVNC config exists, will merge with new settings."
+    # Create a backup of the existing config
+    cp "$kasm_config_file" "$${kasm_config_file}.bak"
   fi
 fi
 
 echo "Writing KasmVNC config to $kasm_config_file"
-$SUDO tee "$kasm_config_file" > /dev/null << EOF
+
+# Create a temporary file for our config
+TEMP_CONFIG_FILE=$(mktemp)
+
+# Check if existing config file exists and preserve its content
+if [[ -f "$kasm_config_file" ]]; then
+  echo "Preserving existing KasmVNC configuration settings."
+  cp "$kasm_config_file" "$TEMP_CONFIG_FILE"
+  
+  # Update only the network section
+  if grep -q "^network:" "$TEMP_CONFIG_FILE"; then
+    # Network section exists, update only the websocket_port
+    sed -i "s/\([ \t]*websocket_port:\).*/\1 ${PORT}/" "$TEMP_CONFIG_FILE"
+  else
+    # Network section doesn't exist, add it
+    cat >> "$TEMP_CONFIG_FILE" << EOF
 network:
   protocol: http
   interface: 127.0.0.1
@@ -217,6 +233,45 @@ network:
   udp:
     public_ip: 127.0.0.1
 EOF
+  fi
+else
+  # Start with base network configuration for new config
+  cat > "$TEMP_CONFIG_FILE" << EOF
+network:
+  protocol: http
+  interface: 127.0.0.1
+  websocket_port: ${PORT}
+  ssl:
+    require_ssl: false
+    pem_certificate:
+    pem_key:
+  udp:
+    public_ip: 127.0.0.1
+EOF
+fi
+
+# Add additional KasmVNC configuration if provided
+if [[ -n "${KASM_CONFIG}" ]]; then
+  echo "Adding custom KasmVNC configuration."
+  
+  # Add a comment to mark the start of custom config
+  echo "" >> "$TEMP_CONFIG_FILE"
+  echo "# ---- START CUSTOM KASMVNC CONFIG ----" >> "$TEMP_CONFIG_FILE"
+  echo "" >> "$TEMP_CONFIG_FILE"
+  
+  # Directly append the YAML configuration
+  echo "${KASM_CONFIG}" >> "$TEMP_CONFIG_FILE"
+  
+  # Add a comment to mark the end of custom config
+  echo "" >> "$TEMP_CONFIG_FILE"
+  echo "# ---- END CUSTOM KASMVNC CONFIG ----" >> "$TEMP_CONFIG_FILE"
+fi
+
+# Apply the configuration
+$SUDO cp "$TEMP_CONFIG_FILE" "$kasm_config_file"
+
+# Clean up
+rm "$TEMP_CONFIG_FILE"
 
 # This password is not used since we start the server without auth.
 # The server is protected via the Coder session token / tunnel